Details of VAR-201402-0224

ID

VAR-201402-0224

CVE

CVE-2014-0742

TITLE

Cisco Unified Communications Manager of CSR Management function Certificate Authority Proxy Function Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2014-001497

DESCRIPTION

The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. Vendors have confirmed this vulnerability Bug ID CSCum95464 It is released as.Any file may be read or modified by the local user. Cisco Unified Communications Manager is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain escalated privileges. This issue is being tracked by Cisco Bug ID CSCum95464. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2014-0742 // JVNDB: JVNDB-2014-001497 // BID: 65788 // VULHUB: VHN-68235

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2b	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr4	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0	Trust: 1.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr2a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	10.0(1)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.0(1)	Trust: 0.3

sources: BID: 65788 // JVNDB: JVNDB-2014-001497 // CNNVD: CNNVD-201402-427 // NVD: CVE-2014-0742

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0742
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0742
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201402-427
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68235
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0742
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68235
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68235 // JVNDB: JVNDB-2014-001497 // CNNVD: CNNVD-201402-427 // NVD: CVE-2014-0742

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-68235 // JVNDB: JVNDB-2014-001497 // NVD: CVE-2014-0742

THREAT TYPE

local

Trust: 0.9

sources: BID: 65788 // CNNVD: CNNVD-201402-427

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201402-427

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001497

PATCH

title:	Cisco Unified Communications Manager CAPF CSR Arbitrary File Read/Write Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742	Trust: 0.8
title:	33045	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=33045	Trust: 0.8

sources: JVNDB: JVNDB-2014-001497

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0742	Trust: 2.8
db:	SECTRACK	id:	1029843	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-001497	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-427	Trust: 0.7
db:	CISCO	id:	20140225 CISCO UNIFIED COMMUNICATIONS MANAGER CAPF CSR ARBITRARY FILE READ/WRITE VULNERABILITY	Trust: 0.6
db:	BID	id:	65788	Trust: 0.4
db:	VULHUB	id:	VHN-68235	Trust: 0.1

sources: VULHUB: VHN-68235 // BID: 65788 // JVNDB: JVNDB-2014-001497 // CNNVD: CNNVD-201402-427 // NVD: CVE-2014-0742

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0742	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=33045	Trust: 2.0
url:	http://www.securitytracker.com/id/1029843	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0742	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0742	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-68235 // BID: 65788 // JVNDB: JVNDB-2014-001497 // CNNVD: CNNVD-201402-427 // NVD: CVE-2014-0742

CREDITS

Cisco

Trust: 0.3

sources: BID: 65788

SOURCES

db:	VULHUB	id:	VHN-68235
db:	BID	id:	65788
db:	JVNDB	id:	JVNDB-2014-001497
db:	CNNVD	id:	CNNVD-201402-427
db:	NVD	id:	CVE-2014-0742

LAST UPDATE DATE

2024-11-23T22:46:07.854000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68235	date:	2015-07-29T00:00:00
db:	BID	id:	65788	date:	2014-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-001497	date:	2014-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201402-427	date:	2014-02-28T00:00:00
db:	NVD	id:	CVE-2014-0742	date:	2024-11-21T02:02:43.620

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68235	date:	2014-02-27T00:00:00
db:	BID	id:	65788	date:	2014-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2014-001497	date:	2014-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201402-427	date:	2014-02-28T00:00:00
db:	NVD	id:	CVE-2014-0742	date:	2014-02-27T01:55:03.350